Permalink
Browse files

FL-820: add ptrace patch to sandbox

  • Loading branch information...
angryvincent committed Oct 10, 2013
1 parent d7d5398 commit cf4789a934bf9382caf4d94150cd830bc6b33f8e
Showing with 141 additions and 0 deletions.
  1. +15 −0 sys-apps/sandbox/files/sandbox-glibc-sys-headers.patch
  2. +126 −0 sys-apps/sandbox/sandbox-2.6-r2.ebuild
@@ -0,0 +1,15 @@
+diff -Nuar -Nuar sandbox-2.6/configure.ac sandbox-2.6-fixed/configure.ac
+--- sandbox-2.6/configure.ac 2012-07-03 19:43:15.000000000 +0000
++++ sandbox-2.6-fixed/configure.ac 2013-10-10 12:07:09.955305402 +0000
+@@ -108,8 +108,10 @@
+ sys/user.h
+ sys/wait.h
+ asm/ptrace.h
+- linux/ptrace.h
+ ]))
++if test "$HAVE_LINUX_PTRACE_H" = ""; then
++ AC_CHECK_HEADER([linux/ptrace.h])
++fi
+
+ dnl Checks for typedefs, structures, and compiler characteristics.
+ dnl Do this after all headers have been checked.
@@ -0,0 +1,126 @@
+# Distributed under the terms of the GNU General Public License v2
+# don't monkey with this ebuild unless contacting portage devs.
+# period.
+#
+
+inherit eutils flag-o-matic toolchain-funcs multilib unpacker multiprocessing
+
+DESCRIPTION="sandbox'd LD_PRELOAD hack"
+HOMEPAGE="http://www.gentoo.org/"
+SRC_URI="mirror://gentoo/${P}.tar.xz
+ http://dev.gentoo.org/~vapier/dist/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="*"
+IUSE="multilib"
+
+DEPEND="app-arch/xz-utils
+ >=app-misc/pax-utils-0.1.19" #265376
+RDEPEND=""
+
+EMULTILIB_PKG="true"
+has sandbox_death_notice ${EBUILD_DEATH_HOOKS} || EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} sandbox_death_notice"
+
+sandbox_death_notice() {
+ ewarn "If configure failed with a 'cannot run C compiled programs' error, try this:"
+ ewarn "FEATURES=-sandbox emerge sandbox"
+}
+
+sb_get_install_abis() { use multilib && get_install_abis || echo ${ABI:-default} ; }
+
+sb_foreach_abi() {
+ local OABI=${ABI}
+ for ABI in $(sb_get_install_abis) ; do
+ cd "${WORKDIR}/build-${ABI}"
+ einfo "Running $1 for ABI=${ABI}..."
+ "$@"
+ done
+ ABI=${OABI}
+}
+
+src_unpack() {
+ unpacker
+ cd "${S}"
+ epatch "${FILESDIR}"/${P}-trace-hppa.patch #425062
+ epatch "${FILESDIR}"/${P}-log-var.patch
+ epatch "${FILESDIR}"/${P}-static-close-fd.patch #364877
+ epatch "${FILESDIR}"/${P}-desktop.patch #443672
+ epatch "${FILESDIR}"/${P}-open-nofollow.patch #413441
+ epatch "${FILESDIR}"/${P}-check-empty-paths-at.patch #346929
+ epatch "${FILESDIR}"/sandbox-glibc-sys-headers.patch #FL-820
+ epatch_user
+}
+
+sb_configure() {
+ mkdir "${WORKDIR}/build-${ABI}"
+ cd "${WORKDIR}/build-${ABI}"
+
+ use multilib && multilib_toolchain_setup ${ABI}
+
+ einfo "Configuring sandbox for ABI=${ABI}..."
+ ECONF_SOURCE="../${P}/" \
+ econf ${myconf} || die
+}
+
+sb_compile() {
+ emake || die
+}
+
+src_compile() {
+ filter-lfs-flags #90228
+
+ # Run configures in parallel!
+ multijob_init
+ local OABI=${ABI}
+ for ABI in $(sb_get_install_abis) ; do
+ multijob_child_init sb_configure
+ done
+ ABI=${OABI}
+ multijob_finish
+
+ sb_foreach_abi sb_compile
+}
+
+sb_test() {
+ emake check TESTSUITEFLAGS="--jobs=$(makeopts_jobs)" || die
+}
+
+src_test() {
+ sb_foreach_abi sb_test
+}
+
+sb_install() {
+ emake DESTDIR="${D}" install || die
+ insinto /etc/sandbox.d #333131
+ doins etc/sandbox.d/00default || die
+}
+
+src_install() {
+ sb_foreach_abi sb_install
+
+ doenvd "${FILESDIR}"/09sandbox
+
+ keepdir /var/log/sandbox
+ fowners root:portage /var/log/sandbox
+ fperms 0770 /var/log/sandbox
+
+ cd "${S}"
+ dodoc AUTHORS ChangeLog* NEWS README
+}
+
+pkg_preinst() {
+ chown root:portage "${D}"/var/log/sandbox
+ chmod 0770 "${D}"/var/log/sandbox
+
+ local old=$(find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*')
+ if [[ -n ${old} ]] ; then
+ elog "Removing old sandbox libraries for you:"
+ elog ${old//${ROOT}}
+ find "${ROOT}"/lib* -maxdepth 1 -name 'libsandbox*' -exec rm -fv {} \;
+ fi
+}
+
+pkg_postinst() {
+ chmod 0755 "${ROOT}"/etc/sandbox.d #265376
+}

0 comments on commit cf4789a

Please sign in to comment.